What security precautions would you take in terms of policies/best practices on the network (with regards to both configuration and end user access) to ensure that the network is not vulnerable to attacks from the Internet or from within the network? You should consider all aspects of security, including the need for Internet access, what services on the Internet are permitted access, remote access for work-from-home users, etc. b) What additional security equipment/s do you recommend? Briefly explain its purpose and include the quantity and cost

 

Old-Leftovers-and-Excesses Ltd. is a company that sells used goods and is well known in the North-west of England as OLX. Its network which has two points of presence across two cities, has its headquarters in Manchester and one sales office at Newcastle connected via a wide area leased link. It expects to add another location at Edinburgh to its network. The Edinburgh location will house another sales office that will interact mostly with the headquarters as well as with the Manchester Sales office. The current IP subnet allocation on the network, based on the number of employees at each location is listed below. Each of the subnets have a current address utilisation of -70%. Location Manchester - HQ Newcastle-S01 Network Address 192.168.0.0/26 192.168.0.64/26 First Host Last Host No Address 192.168.0.1 Address 192.168.0.62 192.168.0.65 192.168.0.126 of Staff/Devices 62 62 At the HQ, there are devices belonging to the corporate team, the IT team, and an internal DNS server that registers all the internal osts. Hosts at the HQ and hosts at S01 are configured to refer to this DNS server. A storage server, accessible to all hosts in the organisation, is located on the HQ LAN segment. The Storage server is connected to the rest of the network through a separate switch. Both locations have a DHCP server that enables auto-configuration of IP addresses for the devices in the location. At the HQ and SO1, each team is connected to a separate switch and the team switches are then interconnected appropriately to a separate switch, upstream. This approach has been taken for physical segmentation to make sure that each team interacts within its own broadcast domain. The HQ and S01 have one rouler each The HQ fosts the company's web server within a DMZ. A firewall connects the web server to the ISP router at the HQ. At present, the HQ alone is connected to an ISP for access to the Internet. S01 connects to HQ via a WAN link that terminates on a port on the ISP router at the HQ and accesses the Internet through the HQ. A large team of up to 20 sales personnel are expected to be deployed at the Edinburgh office. In addition, a team of 5 customer support personnel will be deployed at Edinburgh, and it is expected that the customer support team is expected to scale very fast, to up to 20 personnel, since this location will provide customer support across the UK. Almost all services used are cloud-based such as Email and CRM. Therefore, Intamet access is critical to sustain these services.